# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Contributor: tcely <knot-resolver+aports@tcely.33mail.com>
# Maintainer: Jakub Jirutka <jakub@jirutka.cz>
pkgname=knot-resolver
pkgver=5.7.3
pkgrel=1
pkgdesc="Minimalistic caching DNS resolver implementation"
url="https://www.knot-resolver.cz/"
# s390x some problem with luajit
# riscv64, loongarch64 blocked by luajit
arch="all !riscv64 !s390x !loongarch64"
license="GPL-3.0-or-later"
pkgusers="kresd"
pkggroups="kresd"
depends="dnssec-root lua5.1-cqueues lua5.1-http"
_depends_dnstap="$pkgname=$pkgver-r$pkgrel"
_depends_http="$pkgname=$pkgver-r$pkgrel lua5.1-mmdb"
_depends_dnstap_dev="fstrm-dev protobuf-dev protobuf-c-dev"
depends_dev="
	knot-dev>=2.8.0
	libedit-dev
	libuv-dev>=1.7
	luajit-dev>=2.0
	$_depends_dnstap_dev
	"
depends_static="$pkgname-dev=$pkgver-r$pkgrel"
makedepends="
	$depends_dev
	bash
	gnutls-dev
	libcap-ng-dev
	lmdb-dev
	luacheck
	meson
	py3-flake8
	"
checkdepends="cmocka-dev"
install="
	$pkgname.pre-install
	$pkgname.post-upgrade
	$pkgname-openrc.pre-upgrade
	$pkgname-openrc.post-upgrade
	"
subpackages="
	$pkgname-dbg
	$pkgname-mod-http:http:noarch
	$pkgname-mod-dnstap:dnstap
	$pkgname-libs-static
	$pkgname-dev
	$pkgname-doc
	$pkgname-openrc
	"
source="https://secure.nic.cz/files/knot-resolver/knot-resolver-$pkgver.tar.xz
	kresd.confd
	kresd.initd
	kres-cache-gc.initd
	kres-cache-gc.confd
	"

# secfixes:
#   5.7.1-r0:
#     - CVE-2023-50387
#     - CVE-2023-50868
#   5.5.3-r0:
#     - CVE-2022-40188
#   5.1.1-r0:
#     - CVE-2020-12667
#   4.3.0-r0:
#     - CVE-2019-19331
#   4.1.0-r0:
#     - CVE-2019-10190
#     - CVE-2019-10191
#   2.3.0-r0:
#     - CVE-2018-1110

build() {
	abuild-meson \
		--default-library=both \
		-Dclient=enabled \
		-Dgroup="$pkggroups" \
		-Dinstall_kresd_conf=enabled \
		-Dunit_tests=enabled \
		-Duser="$pkgusers" \
		-Dmanaged_ta=disabled \
		-Dkeyfile_default=/usr/share/dnssec-root/trusted-key.key \
		build

	meson compile -C build
}

check() {
	meson test --no-rebuild --print-errorlogs -C build
}

package() {
	DESTDIR="$pkgdir" meson install --no-rebuild -C build

	cd "$pkgdir"

	# These are useless on non-systemd distro.
	rm ./usr/lib/knot-resolver/distro-preconfig.lua
	rm ./usr/lib/knot-resolver/upgrade-4-to-5.lua

	install -m 755 -D "$srcdir"/kresd.initd ./etc/init.d/kresd
	install -m 644 -D "$srcdir"/kresd.confd ./etc/conf.d/kresd
	install -m 755 -D "$srcdir"/kres-cache-gc.initd ./etc/init.d/kres-cache-gc
	install -m 644 -D "$srcdir"/kres-cache-gc.confd ./etc/conf.d/kres-cache-gc

	install -d -m 750 -o kresd -g kresd ./var/cache/knot-resolver
}

http() {
	pkgdesc="Knot Resolver - HTTP/2 services"
	depends="$_depends_http"

	local moddir="usr/lib/$pkgname/kres_modules"

	mkdir -p "$subpkgdir"/$moddir
	mv "$pkgdir"/$moddir/http* "$subpkgdir"/$moddir/
}

dnstap() {
	pkgdesc="Knot Resolver - dnstap logging"
	depends="$_depends_dnstap"

	local moddir="usr/lib/$pkgname/kres_modules"

	mkdir -p "$subpkgdir"/$moddir
	mv "$pkgdir"/$moddir/dnstap.so "$subpkgdir"/$moddir/
}

_gpg_signature_extensions="asc"
_gpgfingerprints="
	good:BE26 EBB9 CBE0 59B3 910C  A35B CE8D D6A1 A50A 21E4
	good:4A8B A48C 2AED 933B D495  C509 A1FB A5F7 EF8C 4869
	B600 6460 B60A 80E7 8206  2449 E747 DF1F 9575 A3AA
	"

sha512sums="
e3d52cce589c0c1bbd8360daae3004ce3150a418eb69e47bde3344867bcba3d434363c10e2833a5ebaf484770612b2697bd0cf464bce51c432f54e5a7cd446f8  knot-resolver-5.7.3.tar.xz
2c4002130af10f02735d1503d2543fd334721efb466c0ac288ef9218faa91c3d892f0fafd5fa8c3fd8fdb771be7d2aa367c7c1e0a12b13272e05ab2100d5d7c7  kresd.confd
a9d9fa0472e1e0f65714768755d64e18c45086396476290d4ad29e019e62b641347d866689fda125cee58b34c32e95cb532815eac8831480d16606b9d23d4230  kresd.initd
036b290a6645d9da2805f69d202ab7187e55067d490e38ec9ddaa2fd434a93b6715af9ca585f7a6dad154ed4ce362a973947343a6eb4137a7f2797f6d8adcd5a  kres-cache-gc.initd
cbb69b3369f7496f7b481de1e564ad2352e20681f8e40b13003b3b834f1b00aee3f0e0f14d08c1263284052f2e3c2916323e183eac6ffcffe2fe5d353321b376  kres-cache-gc.confd
"
